If you want to distribute a plugin either through the Liferay Marketplace or through your web site, you have to assume any potential users have Security Manager turned on. For this reason, you should have it turned on when doing final testing on your applications.
It’s very easy to activate the security manager. Set the following property to true:
As a suggested plugin development approach, disable the security manager (by setting this property to false) until after you are done developing your plugin. By default, the security manager is turned off.
Next, we’ll look at exactly what APIs the security manager protects, and how you can declare whether your application uses any of these properties.